Welcome to my blog. Here, I will post items of interest to me most likely focusing on:

Security in Healthcare Information Technology

Electronic Voting Security

Computer and Network Security

Sailing

Poker

Sports: Soccer, tennis, golf, football, Michigan sports

Friday, December 14, 2007

Ohio report is available

Ohio's secretary of state, Jennifer Brunner has commissioned a study that appears to be on the same order as California's top to bottom review of their voting systems. There are several reports available on the SoS web site. The most remarkable report is that of the academic team who analyzed the ES&S, Premier Elections Solutions, and Hart InterCivic voting systems. The academic report, produced by some of the leading computer security experts such a Matt Blaze, Harri Hursti, and Giovannie Vigna, and led by Patrick McDaniel of Penn State, is available here, on the SoS web site.

Quoting from the executive summary:

"All of the studied systems possess critical security failures that render their technical controls insufﬁcient to guarantee a trustworthy election. While each system possessed unique limitations, they shared critical failures in design and implementation that lead to this conclusion:

Insufﬁcient Security - The systems uniformly failed to adequately address important threats against election data and processes. Central among these is a failure to adequately defend an election from insiders, to prevent virally infected software from compromising entire precincts and counties, and to ensure cast votes are appropriately protected and accurately counted.

Improper Use or Implementation of Security Technology - A root cause of the failures present in the studied systems is the pervasive mis-application of security technology. Failure to follow standard and well-known practices for the use of cryptography, key and password management, and security hardware seriously undermine the protections provided. In several important cases, the misapplication of commonly accepted principles renders the security technology of no use whatsoever.

Auditing - All of the systems exhibited a visible lack of trustworthy auditing capability. In all systems, the logs of election practices were commonly forgeable or erasable by the principals who they were intended to be monitoring. The impact of the lack of secure auditing is that it is difﬁcult to know when an attack occurs, or to know how to isolate or recover from it when it is detected.

Software Maintenance - The software maintenance practices of the studied systems are deeply ﬂawed. This has led to fragile software in which exploitable crashes, lockups, and failures are com- mon in normal use. Such software instability is likely to increase over time, and may lead to highly insecure and unreliable elections."

and later in the executive summary:

"The review teams were able to subvert every voting system we were provided in ways that would often lead to undetectable manipulation of election results. We were able to develop this knowledge within a few weeks. However, most of the problems that we found could have been identiﬁed with only limited access to voting equipment. Thus, it is safe to assume that motivated attackers will quickly identify – or already have – these and many other issues in these systems. Any argument that suggests that the attacker will somehow be less capable or knowledgeable than the reviewer teams, or that they will not be able to reverse engineer the systems to expose security ﬂaws is not grounded in fact."

The report is an incredible read. This group, in only a couple of months, managed to completely subvert these system and to expose them as woefully insecure and inadequate for the real world. Secretary Brunner, to her credit, has now recommended the elimination of DREs in polling places in her state. Now if only other states will follow her lead and that of Debra Bowen, SoS of California.